Defines a framework for an authentication service using the X.500 directory. The directory is the repository of public-key certificates, and the service is based on the use of public-key cryptography and digital signatures.
Size: 65.43 KB
Language: en
Added: Mar 07, 2016
Slides: 10 pages
Slide Content
X.509-DIRECTORY AUTHENTICATION SERVICE
X.509 Authentication Service: Introduction
- ITU-T X.509 is part of the X.500 Directory Services
- Issued in 1988; revised in 1993 and 1995
- Defines a framework for an authentication service using the X.500 directory
- The directory is a repository of public-key certificates
- Based on the use of public-key cryptography and digital signatures
- Recommends the use of RSA
Public-key Certificates
- Associated with a user
- Created by a trusted third party, the certificate authority (CA)
- Placed in the directory by the CA or by the user
- The directory server is the location for certificate access; it does not create the certificates
X.509 Certificate Format
The general format for a certificate is:
- Version (V)
- Serial number (SN)
- Signature algorithm identifier (AI)
- Issuer name (CA)
- Period of validity (T_A)
- Subject name (A)
- Subject's public-key information (A_p)
- Issuer unique identifier (added in Version 2)
- Subject unique identifier (added in Version 2)
- Extensions (added in Version 3)
- Signature
X.509 Standard Notation
User certificates generated by a CA use the following standard notation:
CA<<A>> = CA{V, SN, AI, CA, T_A, A, A_p}
where
- Y<<X>> = the certificate of user X issued by the certification authority Y
- Y{I} = the signing of I by Y, consisting of I with an encrypted hash code appended
X.509: Obtaining a User Certificate
User certificates generated by a CA have the following characteristics:
- Any user with access to the public key of the CA can recover the user public key that was certified.
- No party other than the CA can modify the certificate without being detected.
- Since they are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect them.
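The following is an added example, not part of the original slides, that models the certificate format and the notation CA<<A>> = CA{V, SN, AI, CA, T_A, A, A_p} in Python. It uses textbook RSA with a self-contained, constructed key generator (assumed and insecure; it stands in for a real signature scheme) and canonical JSON in place of DER encoding, which is an assumption of this model. It shows the three properties just listed: a holder of the CA public key recovers A's public key from the certificate, a tampered certificate is detected, and the directory needs no special protection because verification does not depend on where the certificate came from.

```python
"""Toy model of an X.509 user certificate CA<<A>> = CA{V, SN, AI, CA, T_A, A, A_p}.

Textbook RSA over SHA-256 with a deterministic, seeded prime generator.
Constructed for illustration only: key sizes and padding are NOT safe for real use.
"""
import hashlib
import json
import math
import random


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test with a fixed witness source so the demo is deterministic."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=512, seed=0):
    """Return ((n, e), (n, d)); 512-bit modulus keeps the SHA-256 digest below n."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(priv, message):
    """Y{I}: hash I and 'encrypt' the hash with Y's private key (textbook RSA)."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(pub, message, signature):
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


def encode_tbs(fields):
    """Canonical JSON stands in for DER as the 'to be signed' encoding (assumption)."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_name, ca_priv, subject, subject_pub, serial, not_before, not_after):
    """Build CA<<A>>: the named fields plus the CA's signature over them."""
    tbs = {"V": 1, "SN": serial, "AI": "sha256-textbookRSA", "CA": ca_name,
           "T_A": [not_before, not_after], "A": subject, "A_p": list(subject_pub)}
    return {"tbs": tbs, "signature": sign(ca_priv, encode_tbs(tbs))}


def verify_certificate(cert, ca_pub, ca_name, now):
    """Anyone holding the CA public key can check issuer, validity period and signature."""
    tbs = cert["tbs"]
    if tbs["CA"] != ca_name or not (tbs["T_A"][0] <= now <= tbs["T_A"][1]):
        return None
    if not verify(ca_pub, encode_tbs(tbs), cert["signature"]):
        return None
    return tuple(tbs["A_p"])  # the certified user public key A_p


def demo():
    """Returns (recovered A_p matches, tampered certificate rejected)."""
    ca_pub, ca_priv = generate_keypair(seed=1)
    a_pub, _a_priv = generate_keypair(seed=2)
    cert = issue_certificate("CA", ca_priv, "A", a_pub, 1001, "2016-01-01", "2017-01-01")
    recovered = verify_certificate(cert, ca_pub, "CA", now="2016-06-01")
    tampered = json.loads(json.dumps(cert))   # copy as a directory would hand it out
    tampered["tbs"]["A_p"][0] += 1             # substitute a different public-key modulus
    rejected = verify_certificate(tampered, ca_pub, "CA", now="2016-06-01") is None
    return recovered == a_pub, rejected
```

Calling demo() returns (True, False)-style flags: the first says the certified key was recovered intact from a certificate verified with only the CA public key; the second says a modified A_p field fails verification, which is why the certificate can sit in an unprotected directory.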
X.509: CA Trust Issues
- If all users subscribe to the same CA, then there is a common trust of that CA.
- All user certificates can be placed in the directory for access by all users.
- Any user can transmit his/her certificate directly to other users.
- Once B is in possession of A's certificate, B has confidence that:
  - Messages it encrypts will be secure.
  - Messages signed with A's private key are unforgeable.
X.509: Multiple CAs
- With a large user community, it is not practical for one CA to support all users
- It is more practical to have multiple CAs
- Each CA provides its public key to a smaller user group
X.509: Authentication Procedures
- Three alternative authentication procedures are defined for the X.509 Directory Authentication Service
- Each uses public-key signatures
- Each assumes that the two parties know each other's public key, either obtained from the directory or obtained in an initial message